MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5df1df35a5e9aac1ad39a2dd57fa998d715f27079b7a63c9832597a2d72f1949. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown

Vendor detections: 6

SHA256 hash: 5df1df35a5e9aac1ad39a2dd57fa998d715f27079b7a63c9832597a2d72f1949
SHA3-384 hash: e1767905a54a1ae04db273797b65dc250c7ca669896e9c486aea5170f37491ddd898efc3430806d62d231fd2a8c0588d
SHA1 hash: 13a0df9e547c410b7b56dd906357c6d9821ce82c
MD5 hash: d972ff5f4d61d431fecab867a52b0826
humanhash: idaho-gee-finch-eight
File name: trial_vegasedit20_dlm_z72jp2.exe
File size: 6'287'488 bytes
First seen: 2023-05-23 11:36:53 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 44c6df4d6ad5b1365fe34ff95c42592d
ssdeep: 98304:J/lBI0kkvsx20xjBteQFelhjTtJuTA76Yn87Tm6saDN:J/7vsx20xdoQulSA7jnszzD
TLSH: T17E567B233F46416DE00202B5C966D6291D258E7433B803E3EF8EB72B57B56D2A735B63
TrID: 88.3% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
      4.7% (.EXE) Win64 Executable (generic) (10523/12/4)
      2.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
      2.0% (.EXE) Win32 Executable (generic) (4505/5/1)
      0.9% (.EXE) OS/2 Executable (generic) (2029/13)
dhash icon: f0d4e8e8b2b2e0f0
Reporter: Chainskilabs
Tags: exe signed

Code Signing Certificate

Organisation: MAGIX Software GmbH
Issuer: Symantec Class 3 SHA256 Code Signing CA
Algorithm: sha256WithRSAEncryption
Valid from: 2020-04-03T00:00:00Z
Valid to: 2023-05-03T23:59:59Z
Serial number: 571c5f057eb903c6518711e156c4e75f
Thumbprint algorithm: SHA256
Thumbprint: c1f8a614737954fc3505dba3b93140ff2a587b2b78ef12af8a798a85d9551324
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 268
Origin country: US
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: trial_vegasedit20_dlm_z72jp2.exe
Verdict: Malicious activity
Analysis date: 2023-05-23 11:37:34 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Clean
Maliciousness:
Behaviour
Searching for the window
Creating a window
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Changing a file
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
MalwareBazaar
CursorPosition
MeasuringTime
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict: Suspicious
Threat level: 5/10
Confidence: 82%
Tags: anti-debug greyware keylogger lolbin msiexec.exe overlay packed shell32.dll
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: n/a
Detection: clean
Classification: n/a
Score: 5 / 100
Behaviour
Behavior Graph: n/a
Verdict: unknown
Result
Malware family: n/a
Score: 4/10
Tags: n/a
Behaviour
Modifies system certificate store
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Executes dropped EXE
Loads dropped DLL
Unpacked files
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: pdb_YARAify
Author: @wowabiy314
Description: PDB
Rule name: PE_Digital_Certificate
Author: albertzsigovits
Rule name: PE_Potentially_Signed_Digital_Certificate
Author: albertzsigovits

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 5df1df35a5e9aac1ad39a2dd57fa998d715f27079b7a63c9832597a2d72f1949 (this sample)

Delivery method: Distributed via web download
